Jack Lloyd <[EMAIL PROTECTED]> writes:

>I just reread those sections and I still don't see anything about RSA
>encryption padding either. 3.2.2 just has some useless factoids about the RSA
>implementation (but neglects to mention important implementation points, like
>if blinding is used, or if signatures are verified before being released).
>3.2.3 describes the signature padding, but makes no mention of the encryption
>padding, or even that a padding method is used for encryption.

This would match my experience with homebrew VPN protocols when I looked at a pile of OSS VPN implementations a year or so back. Every single one of them had flaws (some quite serious) not in getting the basic crypto right, but in the way that the crypto was used. I don't see any reason why Skype should break this mould.

I can't understand why they didn't just use TLS for the handshake (maybe YASSL) and IPsec sliding-window + ESP for the transport (there's a free minimal implementation of this whose name escapes me for use by people who want to avoid the IKE nightmare). Established, proven protocols and implementations are there for the taking, but instead they had to go out and try and assemble something with their own three hands (sigh).

(Having said that, I don't consider it a big deal. I've always treated Skype as a neat way of doing VoIP rather than a super-secure encrypted comms link. The security (for whatever it's worth) is just icing on the basic Skype service - I'd use it with or without encryption. The killer app is the cheap phonecalls, not the crypto).

Peter.
